通过带有SSL的JDBC连接到Google Cloud PostgreSQL [英] Connection to Google Cloud PostgreSQL via JDBC with SSL

问题描述

我无法使用JDBC连接Google Cloud PostgreSQL.

I can't connect Google Cloud PostgreSQL with JDBC.

Java版本:1.8.0_162

Java Version : 1.8.0_162

PostgreSQL JDBC版本:42.2.2

PostgreSQL JDBC Version : 42.2.2

 try {
    Class.forName("org.postgresql.Driver");
} catch (ClassNotFoundException e) {
    System.out.println("Class not found");
}

String url = "jdbc:postgresql://ipaddresshere:5432/postgres";

Properties props = new Properties();
props.setProperty("user","postgres");
props.setProperty("password","passwordhere");

props.setProperty("ssl","true");
props.setProperty("sslcert","/Users/bguler/Desktop/GoogleCloudPGSSL/client-cert.pem");
props.setProperty("sslkey","/Users/bguler/Desktop/GoogleCloudPGSSL/client-key.pem");
props.setProperty("sslrootcert","/Users/bguler/Desktop/GoogleCloudPGSSL/server-ca.pem");

try {

    Connection conn = DriverManager.getConnection(url, props);
    System.out.println(conn);

} catch (SQLException ex) {

    System.out.println(ex.getMessage());

}

我测试的证书路径正确.

I tested certificate paths are right.

它将错误抛出为;

原因:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效证书路径

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

SSL错误:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到到请求目标的有效认证路径

SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我可以毫无问题地通过psql在终端上进行连接;

I can connect on terminal via psql without a problem ;

psql "sslrootcert=server-ca.pem \
  sslcert=client-cert.pem sslkey=client-key.pem \
  hostaddr=ipaddress \
  port=5432 \
  user=postgres dbname=postgres"

推荐答案

如果Java默认信任库不信任Postgres服务器使用的证书，则需要添加它.

If the certificate that is used by the Postgres server is not trusted by the Java default trust store you will need to add it.

首先，将您的证书转换为DER格式:

First, convert your certificate in a DER format :

openssl x509 -outform der -in server-ca.pem -out server-ca.der

然后，将其导入密钥库:

And after, import it in the keystore :

keytool -import -trustcacerts -alias your-alias -keystore cacerts -file server-ca.der

或者，您可以使用Java系统属性来通过添加命令行参数来更改信任存储:

Alternatively, you could use Java System properties to change the trust store used by adding command line parameters:

-Djavax.net.ssl.trustStore=<path to your trusstore>.jks -Djavax.net.ssl.trustStorePassword=<your password>

通过在启动命令行中添加以下内容，将Java SSL类置于调试状态也很有帮助:

It can also be helpful to put the Java SSL classes in debug by adding the following to the startup command line:

-Djavax.net.debug=ssl,handshake:verbose

这篇关于通过带有SSL的JDBC连接到Google Cloud PostgreSQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！